2003 07 24 larry clinton presentation for org of american states oas about isa and information...
TRANSCRIPT
-
7/31/2019 2003 07 24 Larry Clinton Presentation for Org of American States OAS About ISA and Information Sharing
1/21
Larry Clinton
Operations Officer
Internet Security Alliance
[email protected]
202-236-0001
-
The Internet Security Alliance
The Internet Security Alliance is a collaborative effort between
Carnegie Mellon University's Software Engineering Institute (SEI)
and its CERT Coordination Center (CERT/CC) and the Electronic
Industries Alliance (EIA), a federation of trade associations with
over 2,500 members.
-
ISAlliance Distinctions
International in membership and leadership
Inter-sectoral---like the Internet
Organized on business, not nation state, lines
ISAlliance IS a Public Private Partnership
-
Sponsors of ISAlliance
-
GOALS OF PRESENTATION
1. Focus on the PRIVATE side of the public private partnership
2. Demonstrate the Business case for cyber security and how ISAlliance is trying to help
3. Discuss successful information sharing
4. Discuss International Cooperation--OAS
-
Impact of Attacks on Business
Klez virus: Clean-up and lost productivity: $9 billion
Code Red: 1 million computers affected. Clean-up and lost productivity: $2.6 billion
Love Bug: 50 variants, 40 million computers affected. Clean-up and lost productivity: $8.8 billion
Nimda: Clean-up and lost productivity: $1.2 billion
Slammer: Clean-up and lost productivity: $1 billion +
-
Business Case for Cyber Security
Designing strong security into information infrastructure can reduce overall operating
costs enabling cost-saving processes such as
remote access and improved supply chains which could not have occurred in networks
lacking appropriate security
(Critical Infrastructure Protection Board 2003)
-
Business Case for Cyber Security
Research reported in CSO Magazine in 2002 demonstrates a 21% Return on Investment for cyber security systems implemented early in network development.
The costs of a severe computer attack are likely to be greater than the preemptive investment in a cyber security program would have been. (National Strategy to Secure Cyber Space 2003)
-
ISAlliance Market-incentives for security
Visa --- Digital dozen program
Nortel --- Mandated security for vendors program
Verizon --- Packaging and education programs for home users
-
ISAlliance Cyber-Insurance Program
Coverage for members
Market incentive for increased security practices
10% discount off best prices from AIG
Additional 5% discount for implementing ISAlliance Best Practices (July 2002)
Discounts more than offset sponsorship dues
-
Adopt and Implement ISAlliance Best Practices
Cited in US National Draft Strategy to Protect Cyber Space (September 2002)
Endorsed by TechNet for CEO Security Initiative (April 2003)
Endorsed US India Business Council (April 2003)
-
ISAlliance/CERT/cc Special Communications
-
Benefits of Information Sharing Organizations
May lessen the likelihood of attack
Organizations that share information about computer break-ins are less attractive targets for malicious attackers. NYT 2003
Participants in information sharing have the ability to better prepare for attacks (Harvard study 2003)
-
Examples of Successful ISAlliance Information Sharing I
SNMP vulnerability
October 2001 CERT notified ISAlliance members of SNMP vulnerability. CERT provides protection advice to membership while waiting for patch development.
CERT provides ISAlliance members with updates in November, January 4, January 16, Feb. 7. ISAlliance conference calls discuss remediation, press relations and use of vendor patches.
SNMP publicly disclosed Feb. 12, 2002. No ISAlliance members are affected by SNMP
-
Examples of Successful Information Sharing II
SLAMMER WORM 2002-2003
May 2002, CERT notifies ISAlliance members of slammer vulnerability. Provides advice for protection while awaiting patch
July 2002 Microsoft provides patch
January 2003 Slammer Worm attacks, fastest infection rate to date.
-
Examples of Successful Information Sharing III
July 2003 CISCO IOS Interface
July 16, acting on information from Cisco, CERT informs ISAlliance members of vulnerability, advises applying Cisco patch and steps that can be taken until the patch is applied.
July 17 ISAlliance Exec Communication & conference call
July 18 ISAlliance Exec Communication & call
-
Why ISAlliance Info Sharing Succeeds
CERT/cc leadership and credibility
History (2 years) and regularity build trust
Inter-sectoral/International membership not inhibited by competitive concerns
Success breeds success
-
International Outreach---India
Confederation of Indian Industries/US-India Business Council/ISAlliance
6 Teleconferences discussing cyber security issues and needs (summer 2003)
US tour for Indian companies seeking partnerships in America (fall 2003)
ISAlliance trip to India including ISA/CERT Training (winter 2003/4) implementing a gold standard of cyber security
-
International Cooperation---Japan
2002 ISAlliance visits Japan, meets with Japanese Ministry of JEDA and Japan Network Security Association
July 30, 2003 30 member delegation from Japan Network Security Association visits ISAlliance to discuss partnerships
-
International Cooperation/OAS Region
ISAlliance is looking for partners in region
Must be committed to security and pass muster with ISAlliance Board and CERT
This is a partnership. It requires commitment and investment
-
Larry Clinton
Operations Officer
Internet Security Alliance
202-236-0001